{{- define "resources_argocd-image-updater" }}
cpu: 50m
memory: 100Mi
{{- end }}

{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: argocd-image-updater
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "argocd-image-updater")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: argocd-image-updater
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: argocd-image-updater
      minAllowed:
        {{- include "resources_argocd-image-updater" . | nindent 8 }}
      maxAllowed:
        cpu: 100m
        memory: 200Mi
{{- end }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: argocd-image-updater
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app.kubernetes.io/name" "argocd-image-updater" "app" "argocd-image-updater")) | nindent 2 }}
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-image-updater
---
apiVersion: apps/v1
kind: Deployment
metadata:
  {{- include "helm_lib_module_labels" (list . (dict "app.kubernetes.io/component" "controller" "app.kubernetes.io/name" "argocd-image-updater" "app.kubernetes.io/part-of" "argocd-image-updater" "app" "argocd-image-updater")) | nindent 2 }}
  name: argocd-image-updater
  namespace: d8-{{ .Chart.Name }}
spec:
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-image-updater
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-image-updater
        app: argocd-image-updater
      annotations:
        # Argo CD Image Updater pod must be restarted to apply updated configuration updates. There
        # are plans to add this behaviour in the upstream.
        # https://argocd-image-updater.readthedocs.io/en/v0.6.2/configuration/registries/#specifying-credentials-for-accessing-container-registries
        checksum/config: {{ include (print $.Template.BasePath "/argocd/image-updater/argocd-image-updater-config-configmap.yaml") . | sha256sum }}
    spec:
      {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_priority_class" (tuple . "cluster-medium") | nindent 6 }}
      {{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" .Chart.Name)) | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}
      containers:
        - command:
            - /usr/local/bin/argocd-image-updater
            - run
          env:
            - name: APPLICATIONS_API
              valueFrom:
                configMapKeyRef:
                  key: applications_api
                  name: argocd-image-updater-config
                  optional: true
            - name: ARGOCD_GRPC_WEB
              valueFrom:
                configMapKeyRef:
                  key: argocd.grpc_web
                  name: argocd-image-updater-config
                  optional: true
            - name: ARGOCD_SERVER
              valueFrom:
                configMapKeyRef:
                  key: argocd.server_addr
                  name: argocd-image-updater-config
                  optional: true
            - name: ARGOCD_INSECURE
              valueFrom:
                configMapKeyRef:
                  key: argocd.insecure
                  name: argocd-image-updater-config
                  optional: true
            - name: ARGOCD_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  key: argocd.plaintext
                  name: argocd-image-updater-config
                  optional: true
            - name: ARGOCD_TOKEN
              valueFrom:
                secretKeyRef:
                  key: argocd.token
                  name: argocd-image-updater-secret
                  optional: true
            - name: IMAGE_UPDATER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: log.level
                  name: argocd-image-updater-config
                  optional: true
            - name: GIT_COMMIT_USER
              valueFrom:
                configMapKeyRef:
                  key: git.user
                  name: argocd-image-updater-config
                  optional: true
            - name: GIT_COMMIT_EMAIL
              valueFrom:
                configMapKeyRef:
                  key: git.email
                  name: argocd-image-updater-config
                  optional: true
            - name: IMAGE_UPDATER_KUBE_EVENTS
              valueFrom:
                configMapKeyRef:
                  key: kube.events
                  name: argocd-image-updater-config
                  optional: true
          image: {{ include "helm_lib_module_image" (list . "argocdImageUpdater") }}
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 30
          name: argocd-image-updater
          ports:
            - containerPort: 8080
          resources:
            requests:
            {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 1024 | nindent 14 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
            {{- include "resources_argocd-image-updater" . | nindent 14 }}
{{- end }}
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 10 }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 30
          volumeMounts:
            - mountPath: /app/config
              name: image-updater-conf
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
      serviceAccountName: argocd-image-updater
      volumes:
        - configMap:
            items:
              - key: registries.conf
                path: registries.conf
              - key: git.commit-message-template
                path: commit.template
            name: argocd-image-updater-config
            optional: true
          name: image-updater-conf
        - configMap:
            name: argocd-ssh-known-hosts-cm
            optional: true
          name: ssh-known-hosts
